Parents wonder what kind of data is being offered, and who is supplying this data? If one goes to the Kids Count Data Center website, http://datacenter.kidscount.org/ , you can see that pages of data are being offered, not only educational data, but also data on health, family background, race etc.

An advertisement in Forbes certainly is not cheap. Parents wonder if their students’ data are being sold or traded or monetized. We do know that the nonprofit Colorado Children’s Campaign has received over $9 million from Bill Gates’ Foundation, and we also know that Gates has deep interest in accessing student data. Colorado has a law that prohibits the selling of student personally identifiable information, pii. Colorado also has a law requiring companies or institutions who have access to student pii data to sign a contract agreeing to uphold certain security and privacy measures, including further re-sharing of the data. We know some of the data that Colorado Children’s campaign received came from the Colorado Department of Education. The Colorado Department of Education must post these contracts of all companies and institutions who have access to student personally identifiable information.

This would imply that Colorado Children’s Campaign has not (in the past 3 years) received pii data. But what data has Colorado Children’s Campaign received? Who do they share student data with? If there is no contract, is there anyone monitoring their use of student data? Has there ever been an audit? Without a contract, how would parents know what data elements they receive, and are they permitted to sell or monetize student data? Who gave permission for Colorado Children’s Campaign to access student data, under what authority?

CDE no longer has anIRB. Since CDE dissolved their IRB last year, certainly someone independent of the requestor should be reviewing these (and other) data requests. Without contracts, without an IRB, who is overseeing student data requests like those of Colorado Children’s Campaign? In 2016, instead of an IRB, CDE developed this internal research approval panel, with final approval of the state board.

Federal Law.

Federal law (FERPA) which is over 40 years old and has always required that when sharing student data to the public, it must not reveal student identity. Sometimes, in cases where a data-set has few enough numbers, where a student could be identified based on elimination, under both federal and state laws, that data-set must be withheld from the public. (ie: The only 5th grade girl with a brother in 3rd grade, sister in 1st grade, in the same small school, and are of a certain race, ethnicity… It is likely that you, or anyone, could probably pinpoint who that 5th grade girl was. )

The Colorado Board of Education recently started reviewing data requests to ensure the requests have a legitimate educational purpose and to verify that student data privacy and security requirements are being met.

Data brokers, data requestors unhappy.

Chalkbeat Colorado reported recentlythat not all parties who request student data are happy with the review and requirements set by the Colorado Board of Education.

Chalkbeat reports that parents and schools are still receiving full data sets,

“Officials at the Colorado Department of Education stress that districts and schools are receiving complete data sets, and that parents will be provided with comprehensive reports explaining how their students and schools are performing.”

“According to federal law, the state must redact data that could allow any person using reasonable measures, such as basic subtraction, to figure out how a particular student performed on a test.”

The new Colorado data privacy (HB1423) does not require redaction above and beyond what FERPA already requires.

However, the Colorado Freedom of Information Coalition today reported on the redaction of small n size, and the requirement of the state board to review data requests. CFIC’s report included a quote from Colorado Children’s Campaign,

“We’re concerned about the impact this could have on academic educational research,” said Sarah Hughes, research director at the Colorado Children’s Campaign. “Politicizing this process seems a bit out of the ordinary based on other states I’ve looked at.”

Parents wonder why these organizations requesting children’s data oppose being independently reviewed. Do they oppose having to adhere to state and federal law?

If groups are concerned about masking datasets with small n values, and losing accountability data, why can’t they employ something as simple as reporting the range (highest, lowest,), median, mean, and s.d. for grade-level testscores without the proficiency bands? This would allow one to compare schools, would provide accountability data for the small number of schools affected, while maintaining FERPA privacy.

eg: scores on PARCC test for small n size group

Median: 720

Certainly these organizations requesting student data understand and respect the need to protect children’s privacy and would not be opposed to publicly posting data sharing agreements, contracts about what data they receive, how they are using it, who they are sharing it with. And since data is money, perhaps they should be reporting income, paying taxes on the student data they receive.

One final thought: Whose data is it anyway? Did anyone bother asking the student or the parent?